@talboom Thanks for your question.

We don't natively provide these. While you can have unlimited roles, we don't currently have a fine grained access model.

Please feel free to file a feature request: https://github.com/fusionauth/fusionauth-issues/issues with details about your use case.

Alternatively, we work well with authorization servers like Oso or Cerbos, which can offer such fine grained permissions. Here's an example integration with Cerbos: https://cerbos.dev/video/using-cerbos-with-fusionauth

@tecnologia If you are looking to migrate your data from a self hosted instance to FusionAuth Cloud, please review this documentation: https://fusionauth.io/docs/v1/tech/installation-guide/cloud/#migrating-a-deployment

This doc covers all the steps.

@developer

I'm not quite sure what you are asking for. Can you explain a bit more? Maybe with an example?

@syed-muneeb

Can you provide a bit more context about what you are trying to accomplish, the errors you are seeing, and other procedural steps?

This may enable us to better assist.

Thanks,
Josh
FusionAuth

Hi @yukeng_wu,

Have you had a chance to review our k8's guide? This might be a good starting place for troubleshooting, etc.

https://fusionauth.io/docs/v1/tech/installation-guide/kubernetes/fusionauth-deployment/

Thanks,
Josh

@oleksiikraieviy

The forum is a great place to get unstuck and ask questions - so thanks for the feedback! The scenarios you have listed here could have a number of different implementation considerations depending on context.

One place to start looking would be our documentation.

We have documentation around MFA below:

https://fusionauth.io/docs/v1/tech/account-management/two-factor-sms/

As well as documentation around passwordless below:

https://fusionauth.io/docs/v1/tech/guides/passwordless/

Finally, we have documentation around messengers below:

https://fusionauth.io/docs/v1/tech/messengers/

Some of the flows you describe should technically be possible, but would likely require custom integration code on your end.

user can reset password using SMS.
Third one is passwordless auth using only phone with SMS code.

For instance, as far as I am aware, these are not natively built into FusionAuth. This would be a custom integration.

Generic messengers are very extensible and can integrate in a number of ways with the right integration/glue code.

I hope this helps!

Thanks,
Josh

@simo-adonis This is not possible with FusionAuth currently.

Here's the tracking issue: https://github.com/fusionauth/fusionauth-issues/issues/1

@jojo-serquina Thanks!

For any future readers, you can see the state of this feature request here: https://github.com/FusionAuth/fusionauth-issues/issues/1536

@dan That will work just fine. With that I'll actually just make a quick service that takes in the arguments to adjust and it generate that json for me. Thanks!

Just because it would align with all my other triggered processes, I'll actually make it as a postgres function so I can call it with my graphql api via hasura. This will actually work very well.

@faisal-jamil

FusionAuth, as you can see, doesn't like to be run without being assured TLS is involved. That is what the warnings are about. It relies on the X-Forwarded-Proto to be assured that TLS is involved.

It looks like you have this:

User -> (TLS) -> Internet -> (TLS) -> NLB -> (HTTP) -> Ingress -> (HTTP) -> FusionAuth

Which seems like a fine architecture (because from the NLB to FusionAuth is presumably a private, secure network, so TLS is not needed). The question is, how do you tell FusionAuth that things are okay? That's why I suggested trying to set the header.

I do not know how to modify X-Forwarded-Proto to https, without terminating at the Ingress controller.

I also do not know how to do this. I suggest reviewing the AWS documentation and/or contacting AWS support.

If you have a FusionAuth edition including support, you can also file a support ticket and the engineering team will take a look. (If you do that, please reference this forum post.)

@aperkins look in your oauth config for the app, inside FA, or the tenant config.

The redirect url is set there. Also , your app may be supplying a url as the redirect with that URL and it is not matching what's configured as the allowed redirect URLs in FA.

@fedir-sinchuk,

I am not very familiar with terraform myself. Have you resolved this issue or can you provide any more context feedback about what you are attempting to accomplish and any additional errors you are seeing?

Thanks,
Josh

@melichpelegri I'm not sure what you mean by silent refresh. Can you explain?